package org.tp8.sampleapp.security.util;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component;

/**
 * The Class CSRFRequestMatcher.
 */
@Component("csrfRequestMatcher")
public class CSRFRequestMatcher implements RequestMatcher {

	/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * org.springframework.security.web.util.matcher.RequestMatcher#matches(
	 * javax.servlet.http.HttpServletRequest)
	 */
	@Override
	public boolean matches(HttpServletRequest request) {
		String url = request.getRequestURL().toString();
		boolean isFaces = url.matches(".*/faces/.*");

		String httpMethod = request.getMethod();
		boolean isPOST = "POST".equalsIgnoreCase(httpMethod);
		boolean isDELETE = "DELETE".equalsIgnoreCase(httpMethod);
		boolean isPUT = "PUT".equalsIgnoreCase(httpMethod);

		return isFaces && (isPOST || isPUT || isDELETE);
	}

}
